Posts

OpenSSL is a widespread, open-source SSL protocol application and is widespread and used by numerous projects and organization for providing rapid, adaptable and “secure” solution.

OpenSSL has recently reached headlines again, but on a bad note. As of late (the past two years or so), the older and current versions of SSL have suffered from application issues that were considered critical and which lead to the exposure of almost all SSL-based projects (not to be confused with protocol-level issues such as POODLE and BEAST attacks).

After a few months of work and research we have updated the SSL Analyzer tool to version 1.1. So, here is a description about the SSL Analyzer and who should use it.

What is it?

This tool was created for penetration testers and for site administrations who want to check if their server allows usage of insecure SSL algorithms.

SSL did not allow attackers to read/change the traffic between the client (computer/mobile browser) and the server, if the server allows insecure algorithms, the attacker can force the browser to use them and break the encryption (as they are named, they are insecure algorithms…).

Easy to use

SSL Vulnerabilities Analyzer has a nice interactive tool that makes it easy to run and check if the server contains insecure algorithms also for non-technical people.

Source code

SSL vulnerabilities analyzer shared with his source code under GPL v3 license, as a gift back to the open source community.